Re: capability interface for idl4
From: Jonathan S. Shapiro
Subject: Re: capability interface for idl4
Date: Fri, 07 Oct 2005 09:32:32 -0400

On Fri, 2005-10-07 at 13:05 +0200, Simon Nieuviarts wrote:
> > I think anything protected by sparsity is fundamentally flawed and
> > unacceptable, especially for something as critical as the kernel.
> >
> > Of course I'm not the one whose acceptance it needs, though. ;-)
>
> Hi,
>
> I don't know the typical probability of a logical gate erroneously flipping
> a bit.
It depends on the wattage of the hair dryer you point at it.

A paper was published two years ago investigating hairdryer-induced heat
for the Java security model. The outcome is quite bad, and it appears to
apply to runtime-based security in general. The bad part isn't the hair
dryer. The bad part is that a single bit error is enough to compromise
the entire runtime-based security model.

Random particle hits generate single bit errors in your computer several
times a year.
> But I consider that if the probability of such a hardware error
> is higher than the probability of a false sparsity match, then relying on
> this sparsity may be a right choice.
Hopefully, my previous note will lead you to reconsider this.
> Anyway, not relying on sparsity at all (if possible) is still a better
> design.
> I'm not yet familiar enough with capabilities to know if it is possible.
It is better, and it is possible, and there are several working systems
that show how to do it.
shap